Operational risk in today’s tech savvy organization is of great concern
which emphasizes of shield mechanism to mitigate the loss at adverse
instances. Looking to this very concept the Banking Sector, in handling
its risk management in recent past has acknowledged Operational Risk as
one of the critical areas in covering the risk.

Basel II, the Risk Management Standard for Banks, earlier took into
account only the credit risk and market risk at initiation, but with
increasing severity of operational losses in banks worldwide in the year
2004 a great move was taken by BIS to account for operational failures and
make a suitable provision for the
same so that it can calculate its optimum CAR (Capital adequacy ratio)
along with the coverage of such risk.

Operational Risk charge is one of the
critical associations for the banks to handle as it can result in serious
financial losses if not taken care of. Operational Risk generally includes
internal frauds, mistakes in data entry and others. No such relevant
mathematical formula or analysis is done so forth to figure out the
exact value of operational risk coverage. The given article is an attempt
to bring out the weakness of calculation of operational risk as presented
in the accord of Basel II and provide a better qualitative analysis using
the COSO ERM framework enhancing the quality of risk assessment and
solving various questions rose highlighting the weakness of current
accord.

As per the guidelines of Basel II the operational risk can be calculated
on the basis of three main methods:
1. Basic Indicator Approach
2. Standardized Approach
3. Advanced Measurement Approach

Basic Indicator Approach: As far as BIA is concerned it is just a
regulatory measure defining a fixed rate of risk rate i.e. α which is set
by the supervisor and in current accord it is 15%. The Operational Risk is
calculated as the product of:
K TSA= {∑years 1-3max [∑ (GI1-8* β1-8), 0]}/3
Where:
KTSA = the capital charge under the Standardized Approach
GI1-8 = annual gross income in a given year, as defined above in the Basic
Indicator Approach, for each of the eight business lines
β1-8 = a fixed percentage, set by the Committee, relating the level of
required capital to the level of the gross income for each of the eight
business lines.

The values of the betas are detailed below as per the different Business
Lines:

Business Lines

Beta Factors

Corporate Finance (β1)

18%

Trading & Sales (β2)

18%

Retail Banking (β3)

12%

Commercial Banking (β4)

15%

Payment & Settlement (β5)

18%

Agency Services (β6)

15%

Asset Management (β7)

12%

Retail Brokerage (β8)

12%

As the table depicts the approach specifies stringent business lines with
fixed percentage of risk cover it is not at all suited for banking
organizations that are capable of valuing their own operational risk.
Fixed rate of Beta factor may sometimes result in wrong allocation of
operational risk. The given business line also does not take into account
the Operational Risk Function and the evaluation of Board and Management
in ORM system as their performance should also be evaluated and open
reporting would, hopefully, demonstrate leadership and commitment to
implementation of high quality ORM processes.

Advanced Measurement Approach: The approach makes the bank more
independent as far as calculation of operational risk is concerned The
Internal Measurement Approach provides discretion to individual banks on
the use of internal loss data, while the method to calculate the required
capital is uniformly set by supervisors. In implementing this approach,
supervisors would impose quantitative and qualitative standards to ensure
the integrity of the measurement approach, data quality, and the adequacy
of the internal control environment.

Operational risk basically relates to the concept of quality and
efficiency of employees and staff effecting the organizational information
anyway round.

Henceforth to assess the due operational risk cover the
Qualitative Analysis is a better option at organizational end.

Two Main shortcomings the Accord faces:
1. Is there a set of objective criteria that could be used to evaluate the
‘quality of compliance’ of a particular ORM system? [Quality here would
encompass all of the ‘qualitative standards’ identified in Basel II.]

2. If such a set of criteria exists, is there a mechanism whereby the
‘quality of compliance’ of a particular ORM system’s implementation can be
compared against other implementations within a bank and with similar
situations in other banks?

Basel II identifies the responsibility of independent operational risk
management function as developing strategies to identify, evaluate monitor
and control the OR. Although COSO ERM model is not specifically aligned
with the Basel II but by analyzing the Business Lines on the COSO cube it
may fulfill the following major targets of Basel II ORM:-
• Conceptually sound
• Credible and appropriate and
• Well reasoned, well documented

Implementing Maturity Model as a mechanism for Quality of Compliance in
ORM

The question need to be raised against the approach is primarily that
Basel II asks the banking organization to calculate the regulatory capital
in country like India but the calculation would be more viable if it is
focused on the Economic Capital. As Basel II basically talks about
“supporting an allocation of economic capital for operational risk across
business lines in a manner that creates incentives to improve business
line ORM”, the organization can use the maturity model where the target or
ideal layouts of different business processes can be laid down and then
the gap between the ideal and actual can be analyzed and same can be used
as a indicator to improve in the line with the risk appetite set by the
management.

Thus the above stated two aspects using the available COSO framework and
Maturity Model to result in better compliance of Basel II and leading to
more comprehensive output after the analysis of risk environment of banks
can provide them additional value for calculation of risk exposure
pertaining to qualitative nature. Although compliance in India as far as
Basel II is concerned is at initial level as banks are supposed to adhere
the basic indicator approach only and no supervisor (RBI) has acknowledged
any banks to move further to better processes such as standardized or
advanced approach. So to be at better evaluation state it is recommended
for banks to follow the above two stated existing models for Basel II
compliance.